Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-17 | CVE-2021-32952 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. | 6.8 |
| 2021-06-17 | CVE-2021-32946 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. | 6.8 |
| 2021-06-16 | CVE-2020-27339 | Improper Input Validation vulnerability in multiple products In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. | 7.2 |
| 2021-06-16 | CVE-2021-20093 | Out-of-bounds Read vulnerability in multiple products A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. | 9.1 |
| 2021-06-16 | CVE-2021-20094 | Out-of-bounds Read vulnerability in multiple products A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. | 5.0 |
| 2021-06-15 | CVE-2021-27388 | Improper Input Validation vulnerability in Siemens products SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). | 7.5 |
| 2021-06-11 | CVE-2021-22897 | Exposure of Resource to Wrong Sphere vulnerability in multiple products curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. | 5.3 |
| 2021-06-11 | CVE-2021-22898 | Missing Initialization of Resource vulnerability in multiple products curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. | 3.1 |
| 2021-06-11 | CVE-2021-22901 | Use After Free vulnerability in multiple products curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. | 8.1 |
| 2021-06-09 | CVE-2020-12357 | Improper Initialization vulnerability in multiple products Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |